← Back to team overview

openerp-india team mailing list archive

[Bug 974472] Re: Users_Ldap shows admin password

 

pushed in trunk r7636
thanks for reporting.

** Changed in: openobject-addons
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/974472

Title:
  Users_Ldap shows admin password

Status in OpenERP Addons (modules):
  Fix Released

Bug description:
  By default after installing the addon in 6.1 it requests the admin
  password in order to query the global catalog.  The password is then
  saved and shown in the clear any time someone views the configuration.
  It should be possible to see the configuration without seeing the
  password.

  The password is also stored in plain text in the database!  This is a
  password that can query your AD/LDAP global catalog.  It's very bad if
  people were to get a hold of this password.

  1) Steps to reproduce the issue you have observed

  Install openerp 6.1 and install the users_ldap addon.  Configure the
  addon. Now visit that company's configuration tab, and inside will be
  the ldap settings.  Double clicking on those will show you a view that
  includes the plain text password.

  2) The result you observed
  Seeing the password we previously entered.

  3) The result you expected
  Having the password be starred, or hidden, or not visible but editable through a dialogue.

  4) The platform your are using
  debian/ubunutu  

  5) The OpenERP version you are using (e.g. 5.0.15, 6.0-dev), if possible including the specific 
  6.1 alpha and 6.1 stable .deb packages confirmed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/974472/+subscriptions


References